Identity and Privacy in the Internet Age: 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009, Proceedings (Lecture ... Computer Science / Security and Cryptology)

This book constitutes the refereed proceedings of the 14th International Conference on Secure IT Systems, NordSec 2009, held in Oslo, Norway, October 14-16, 2009.

The 20 revised full papers and 8 short papers presented were carefully reviewed and selected from 52 submissions. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile networks under an increasingly serious threat picture. Among the contemporary security issues discussed were Security Services Modeling, Petri Nets, Attack Graphs, Electronic Voting Schemes, Anonymous Payment Schemes, Mobile ID-Protocols, SIM Cards, Network Embedded Systems, Trust, Wireless Sensor Networks, Privacy, Privacy Disclosure Regulations, Financial Cryptography, PIN Verification, Temporal Access Control, Random Number Generators, and more.

Author(s): Audun Jøsang, Torleiv Maseng, Svein J. Knapskog
Series: Lecture ... Computer Science / Security and Cryptology
Edition: 1
Publisher: Springer
Year: 2009

Language: English
Pages: 310

front-matter
Introduction
Related Work
Theoretical Foundation
Event Study Setup
Empirical Results
Regulatory Implications
Managerial Implications
Conclusion
References
Introduction
Related Work
Identifying Potential Target Group
Research Methodology
User Side Revenue Generation
Advertising at the Exit Node
Revenue Generation from Content Providers
References
Introduction
Background
Parallel Architecture of P2Priv
Anonymity Analysis for P2Priv
P2Priv in P2P Scenario
P2Priv in Client-Server Scenario
Summary of the Results
Network Privacy Preserving Parallel Topology
Anonymity Analysis for NetPriv
Conclusions and Future Work
Introduction
Background and Rationales of Petname Systems
Components
Functional Properties
Security Usability Properties
Evaluation of Security Usability for Petname Systems
Application Domains
Evaluation of the Petname Tool
Evaluation of the TrustBar
Summary
Conclusions
Introduction
Security Differences between Web Browsers and Widget Engines
Vulnerabilities of the Widget Model
Threats
Attacks
Countermeasures
Countermeasures for Widget Engines
Countermeasures for Widget Developers
References
Motivation
Key Assignment Schemes
Trade-Offs in Key Assignment Schemes
Key Assignment Schemes for Temporal Access Control
An Immediate Improvement
Skipping a Level
A Multiplicative Decomposition of Tn
A 2-Hop Scheme
Minimizing the Number of Edges in the 2-Hop Scheme
Other Possibilities
Related Work
Future Work
Introduction
Background
PIN Management APIs
Attacks on Verification API
Attacks on the Translate API
Our Proposed Fix
Packing the MAC into the CVC/CVV
Practicalities of Deploying Our Proposal
Addressing Translation Attacks
Comparison to Other Proposals
Conclusions
Some Standard 64-Bit PIN Block Formats
Introduction
Related Work
Change Detection Technique
Change Point Correlation
Correlation Logic
Change Point Validation
Experimentation
Experimental Results
Conclusion and Future Directions
Motivation
Problem Description and Results
TKIP Countermeasures
How the Attack Works
Application Areas
DHCP ACK Packet
How the Attack Works
Consequences
Attack Performance
Fragmentation Attack
Conclusion
Introduction
Security Properties
Existing Security Architectures for WSNs
Sensor Network Platform
ROM
Block Cipher Evaluation
CBC-CS Evaluation
CMAC Evaluation
OCB Evaluation
ContikiSec Design
References
Introduction
Related Work
The Mechanism for Identity Delegation
Identity Delegation Prototype
Evaluation
Conclusions
Introduction
Mobile Real-Time Services
Classes of Mobile Real-Time Services
Classification of Mobile Real-Time Services
Empirical Evidence
Information Pull Services
Notification Push Services
Transaction Services
Summary of Results
Conclusion
References
Introduction
Sources of Randomness
Processing Randomness
Definition of Randomness Extractor
Extractors Based on Carter-Wegman Universal Hashing
Choosing Suitable Class of Hash Functions
Analysis of Acquired Random Data
Conclusion and Future Work
Introduction
Related Work
Requirements
Stochastic Activity Networks
Key Challenge Petri Net
Formalization
Example Behaviour
Analysis
Conclusion and Issues for Further Research
References
Introduction
Norwegian Situation
Open Voting Scheme Using Double Envelopes
Blind Voting Scheme
Blind Voting Scheme Using Symbols
Blind Voting Scheme Using CAPTCHAs
Tamper Indicating Open Voting Scheme
Introduction
Certification
Open Source
Conclusion
Introduction
The State of the Art in SIM Card Technology
Related Work
Contextual Evidences
The seamless trust builder
Implementation
Experiments
Evaluation
Conclusions and Future Work
Introduction
Running Example
Security Properties
Iterative Property Representation
Effective vs. Iterative Enforcement
Iterative Enforcement Mechanism
Ligatti Automaton Construction
Iterative Enforcement by Suppression Mechanism
Conclusions
Introduction
Anonymization Process
Payment Concept
Overview over the Protocols
Account Creation
Authentication at the Payment Instance
Charging of the Account and Balance Check
Payment Initialization
Data Exchange and Repurchase of Traffic Volume
Reasons for the Attack
Conclusion
Introduction
The Mobile-ID Protocol
Base Security Model
Formalization in ProVerif
Attacker Controls DigiDocService
Attacker Partially Controls the Client
Server Chooses the Control Code
Summary
Conclusions
Introduction
Related Work
Preliminaries
Program Abstraction
Algorithm
Mechanism's Enforcement Power
Conclusion and Future Work
back-matter